# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
-# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
+# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
import uuid
from sfa.trust.certificate import Certificate
from sfa.util.faults import GidInvalidParentHrn, GidParentHrn
import uuid
from sfa.trust.certificate import Certificate
from sfa.util.faults import GidInvalidParentHrn, GidParentHrn
#
# URN is a human readable identifier of form:
# "urn:publicid:IDN+toplevelauthority[:sub-auth.]*[\res. type]\ +object name"
#
# URN is a human readable identifier of form:
# "urn:publicid:IDN+toplevelauthority[:sub-auth.]*[\res. type]\ +object name"
#
# PUBLIC_KEY is the public key of the principal identified by the UUID/HRN.
# It is a Keypair object as defined in the cert.py module.
#
# PUBLIC_KEY is the public key of the principal identified by the UUID/HRN.
# It is a Keypair object as defined in the cert.py module.
Certificate.__init__(self, lifeDays, create, subject, string, filename)
if subject:
Certificate.__init__(self, lifeDays, create, subject, string, filename)
if subject:
# Will be stuffed into subjectAltName
def set_email(self, email):
# Will be stuffed into subjectAltName
def set_email(self, email):
##
# Encode the GID fields and package them into the subject-alt-name field
# of the X509 certificate. This must be called prior to signing the
##
# Encode the GID fields and package them into the subject-alt-name field
# of the X509 certificate. This must be called prior to signing the
- str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn
-
- if self.email:
- str += ", " + "email:" + self.email
+ string += ", " + "URI:" + uuid.UUID(int=self.uuid).urn
# FIXME: Ensure there isn't cruft in that address...
# EG look for email:copy,....
dict['email'] = val[6:]
# FIXME: Ensure there isn't cruft in that address...
# EG look for email:copy,....
dict['email'] = val[6:]
self.uuid = dict.get("uuid", None)
self.urn = dict.get("urn", None)
self.hrn = dict.get("hrn", None)
self.uuid = dict.get("uuid", None)
self.urn = dict.get("urn", None)
self.hrn = dict.get("hrn", None)
# @param dump_parents If true, also dump the parents of the GID
def dump(self, *args, **kwargs):
# @param dump_parents If true, also dump the parents of the GID
def dump(self, *args, **kwargs):
- result=" "*(indent-2) + "GID\n"
- result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n"
- result += " "*indent + "urn:" + str(self.get_urn()) +"\n"
- result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n"
+ result = " " * (indent - 2) + "GID\n"
+ result += " " * indent + "hrn:" + str(self.get_hrn()) + "\n"
+ result += " " * indent + "urn:" + str(self.get_urn()) + "\n"
+ result += " " * indent + "uuid:" + str(self.get_uuid()) + "\n"
- result += " "*indent + "email:" + str(self.get_email()) + "\n"
- filename=self.get_filename()
- if filename: result += "Filename %s\n"%filename
+ result += " " * indent + "email:" + str(self.get_email()) + "\n"
+ filename = self.get_filename()
+ if filename:
+ result += "Filename %s\n" % filename
- result += " "*indent + "parent:\n"
- result += self.parent.dump_string(indent+4, dump_parents)
+ result += " " * indent + "parent:\n"
+ result += self.parent.dump_string(indent + 4, dump_parents)
# for a principal that is not a member of that authority. For example,
# planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
# for a principal that is not a member of that authority. For example,
# planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
trusted_gid = GID(string=trusted_root.save_to_string())
trusted_type = trusted_gid.get_type()
trusted_hrn = trusted_gid.get_hrn()
trusted_gid = GID(string=trusted_root.save_to_string())
trusted_type = trusted_gid.get_type()
trusted_hrn = trusted_gid.get_hrn()
# trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
cur_hrn = self.get_hrn()
if not hrn_authfor_hrn(trusted_hrn, cur_hrn):
# trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
cur_hrn = self.get_hrn()
if not hrn_authfor_hrn(trusted_hrn, cur_hrn):
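Review bot: The decode hunk still stores `dict['email'] = val[6:]` with the FIXME about cruft left open, so whatever follows `email:` in subjectAltName is accepted unchecked. On the encode side the email is joined into the same comma-separated string as the other GID entries (only the removed `str += ", " + "email:" + self.email` lines are visible here, so this assumes the new side keeps them), and a value containing a comma could change the list of entries that decode reads back. I would validate once in `set_email`, e.g. `if "," in email or not email.strip(): raise ValueError("invalid email for subjectAltName")`, and apply the same check after `val[6:]`. The local named `dict` also shadows the builtin, which this commit already fixed for `str`; renaming it to `fields` would be consistent. The encode and decode bodies start and end outside the visible hunks.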